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DETAILED ACTION 
Response to Amendment 

1 . A response under 37 CFR 1.116 requesting reconsideration in the present 
application was received on 08 November 2005. 

2. Applicant's request for reconsideration of the finality of the rejection of the last 
Office action is persuasive and, therefore, the finality of that action is withdrawn. 



Response to Arguments 



3. Applicant's arguments, see pages 2-4 of the response filed 08 November 2005, 
with respect to the rejections of claims 1-6, 14-26, 29, and 31 under 35 U.S.C. 102(e) as 
anticipated by McNabb et al, US Patent 6289462, and of claims 7-13, 27, and 28 under 
35 U.S.C. 103(a) as unpatentable over McNabb in view of "HP Virtualvault Trusted 
Web-Server Platform Product Brief, have been fully considered and are persuasive. 
Therefore, the rejection has been withdrawn. However, upon further consideration, a 
new ground(s) of rejection is made in view of the previously cited prior art in 
combination with England et al, US Patent 6327652, originally cited in the Office action 
mailed 02 February 2005, as set forth below. 
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Specification 

4. The objection to the abstract is not withdrawn. Although the abstract has been 
reduced to a single paragraph and less than 150 words, the Examiner reminds 
Applicant that the form and legal phraseology often used in patent claims should be 
avoided in the abstract. 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 1-6, 14-26, 29, and 31 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over McNabb, US Patent 6289462, in view of England et al, US Patent 
6327652. 

In reference to Claims 1 and 2, McNabb discloses a method including a 
requester providing a specification of a service to be performed that establishes 
required sensitivity levels for processes in the service (see, for example, column 19, line 
55-column 20, line 2, where different processes are specified for different sensitivity 
levels) and a computing platform executing the service according to the specification 
(see the Trusted Server of Figure 1, and column 5, lines 20-29) and logging 
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performance of the processes and providing the log to the requestor (the audit trail 
described at column 7, lines 28-33). However, although McNabb discloses sensitivity 
levels that describe required security (column 8, lines 33-37 and 10-15) and that there is 
a trusted computer system (column 8, lines 40-45), McNabb does not explicitly disclose 
details of establishing the trust in the computer system, nor does McNabb explicitly 
disclose levels of trust. 

England discloses a method in which an operating system is securely loaded 
where each component of the system is associated with a trust level (column 4, lines 5- 
1 1 ) and each application is also determined to be trusted or non-trusted (column 9, lines 
1 1-20). England further discloses logging performance (see, for example, column 4, 
lines 18-23). Therefore, it would have been obvious to one of ordinary skill in the art at 
the time the invention was made to modify the method of McNabb to incorporate levels 
of trust as taught by England, in order to guarantee the ability to distinguish between 
trusted and non-trusted systems executing on the same computer (see England, 
column 3, lines 56-61). 

In reference to Claim 3, McNabb further discloses a protected computing 
environment (see Figure 1). 

In reference to Claims 4 and 23, McNabb further discloses measuring integrity of 
the platform (see column 8, lines 40-45, regarding the trusted computer system). 
England also discloses monitoring integrity (see, for example, column 12, lines 53-65). 
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In reference to Claim 5, McNabb further discloses a management process that 
allocates the execution of processes and logging to environments associated with the 
platform (see column 21, lines 34-55). 

In reference to Claim 6, McNabb further discloses the management process 
within the protected environment (see column 21, line 34-column 22, line 2). 

In reference to Claim 14, McNabb further discloses that a process may be 
swapped between environments (see column 11, line 66-column 12, line 14). 

In reference to Claims 15-20, McNabb further discloses logging input data, output 
data, and executed program instructions of a process (see column 7, lines 28-33; 
column 23, lines 26-35). 

In reference to Claim 21 , McNabb further discloses encrypting the logging data 
(column 23, lines 26-35, where the audit record is protected). 

In reference to Claim 22, McNabb further discloses the specification of the 
service establishing logging parameters for the processes (column 23, lines 26-35). 

In reference to Claim 24, McNabb discloses a platform including a protected 
computing environment (see Figure 1) and one or more compartments (column 17, lines 
9-14), in which processes may be executed for a user in the compartments and the 
results of the processes may be returned to the user as trustworthy data from the 
protected environment (see, for example, column 6, lines 20-23), and where the 
platform further includes a management process that receives a service description 
including required sensitivity levels for processes within the service (see, for example, 
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column 19, line 55-column 20, line 2, where different processes are specified for 
different sensitivity levels) and that allocates the processes to the compartments 
(column 21, lines 34-55). However, although McNabb discloses sensitivity levels that 
describe required security (column 8, lines 33-37 and 10-15) and that there is a trusted 
computer system (column 8, lines 40-45), McNabb does not explicitly disclose details of 
establishing the trust in the computer system, nor does McNabb explicitly disclose 
levels of trust. 

England discloses a system in which an operating system is securely loaded 
where each component of the system is associated with a trust level (column 4, lines 5- 
1 1 ) and each application is also determined to be trusted or non-trusted (column 9, lines 
1 1-20). Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to modify the platform of McNabb to incorporate levels of 
trust as taught by England, in order to guarantee the ability to distinguish between 
trusted and non-trusted systems executing on the same computer (see England, 
column 3, lines 56-61). 

In reference to Claim 25, McNabb further discloses that the compartments may 
be located outside the protected environment (Figure 12; column 17, lines 57-61). 

In reference to Claim 26, McNabb further discloses that the compartments may 
be located inside the protected environment (Figure 12; column 17, lines 57-61). 

In reference to Claim 29, McNabb further discloses measuring integrity of the 
platform (see column 8, lines 40-45, regarding the trusted computer system). England 
also discloses monitoring integrity (see, for example, column 12, lines 53-65). 
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In reference to Claim 31, McNabb further discloses the management process 
within the protected environment (column 21, line 34-column 22, line 2). 

7. Claims 7-13, 27, and 28 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over McNabb in view of England as applied to claims 5 and 24 above, and 
further in view of "HP Virtualvault Trusted Web-Server Platform Product Brief, 
hereinafter "Virtualvault". 

In reference to Claim 7, McNabb as modified by England discloses everything as 
applied to Claim 5 above. McNabb further discloses the use of compartments (see, for 
example, column 17, lines 9-14). However, McNabb does not explicitly disclose that the 
compartment contains a protected computing engine, nor does England. Virtualvault 
discloses a computing platform that includes the use of compartments, which include 
protected computing engines (see page 3, "Data Partitioning Separates and Secures 
Files"). Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to modify the method of McNabb and England to include 
compartments containing protected computing engines, in order to provide security for 
web servers (see Virtualvault, page 2, "Virtualvault: The Answer to Secure Access"). 

In reference to Claim 8, Virtualvault further discloses a Java virtual machine (see 
page 4, "A 'Vaulted' Java Virtual Machine"). 

In reference to Claim 9, McNabb further discloses that one or more 
compartments are located in the protected environment (see Figure 12; column 17, 
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lines 57-61 ). Further, Virtualvault further discloses that one or more compartments are 
located within the protected environment (see page 3, the INSIDE compartment). 

In reference to Claim 10, McNabb further discloses that the computing engine is 
prohibited from operating on input data if it is not permitted to do so (see column 8, lines 
10-15 on Mandatory Access Control). 

In reference to Claim 1 1 , McNabb further discloses that input data and processes 
are each provided with a type, and that the operation is prevented if the types do not 
match (see column 8, lines 10-15 on Mandatory Access Control). 

In reference to Claims 12 and 13, McNabb further discloses that the input data 
may have an owner, and that the process may be required to inform the owner of the 
use of the data or to obtain consent from the owner to use the data (see column 8, line 
54-column 9, line 4). 

In reference to Claims 27 and 28, McNabb as modified by England discloses 
everything as applied to Claim 24 above. However, McNabb does not explicitly disclose 
that the compartment contains a protected computing engine, specifically a Java virtual 
machine, nor does England. Virtualvault discloses a computing platform that includes 
the use of compartments, which include protected computing engines (see page 3, 
"Data Partitioning Separates and Secures Files"). Virtualvault further specifically 
discloses a Java virtual machine (see page 4, "A Vaulted 1 Java Virtual Machine"). 
Therefore, it would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the system of McNabb and England to include 
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compartments containing protected computing engines, specifically Java virtual 
machines, in order to provide security for web servers (see Virtualvault, page 2, 
"Virtualvault: The Answer to Secure Access"). 



Conclusion 

8. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

a. Merkling et al, US Patent 5841869, discloses a system in which processes 
running in trusted compartments can be assigned a required level of trust. 

b. Richard et al, US Patent 5922074, discloses a system for distributed 
processing in which a client process requests a service from a server process, 
where the request can include a trust level, and where the processes can be on 
the same workstation. 

c. Chan et al, US Patent 6505300, discloses a system in which processes 
are given different permissions based on the level of trust for the process. 

d. Wood et al, US Patent 6892307, discloses a system in which trust levels 
requirements are established for various resources. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Zachary A. Davis whose telephone number is (571 ) 272- 
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3870. The examiner can normally be reached on weekdays 8:30-6:00, alternate 
Fridays off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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